What is an API? What makes them special? And what kind of APIs are out there? #apisecurity #apis #bugbountytips #BugBounty
Did you know @owasp has a directory of vulnerable web apps that you can test your skills and new ideas on?
If you've seen the updated OWASP API Top 10 you may be a bit confused by the "Authorisation" vulnerabilities - aren't they all just explaining the same thing? Here's a breakdown of the 4 access control issues you commonly see in APIs
https://www.craft.me/s/CysIiph247P5AQ
#bugbountytips #BugBounty
Announcing the release of ProtoBurp++ (our fork of ProtoBurp)! ProtoBurp++ is a #burpsuite extension that enables #security researchers to encode/decode and fuzz custom Protobuf messages. It allows for fuzzing inputs using Burp's Repeater, Intruder tools and Active Scanner, as well as proxying traffic from other tools (e.g., sqlmap). Check it out today!
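To see what "encode/decode and fuzz custom Protobuf messages" involves under the hood, here is an added example (my own code, not ProtoBurp++'s): a schema-less decoder/encoder for the Protobuf wire format plus the decode-edit-re-encode step a fuzzer needs so the length prefix stays consistent with an injected payload. The sample message is constructed for the example.

```javascript
// Added example, not ProtoBurp++ code: schema-less Protobuf wire-format
// decoder/encoder. Wire types: 0 varint, 1 fixed64, 2 length-delimited
// (bytes, strings, nested messages), 5 fixed32. Groups (3/4) are deprecated
// and rejected here. Fields come back as {num, type, value}.

function encodeVarint(n) {
  const out = [];
  let v = BigInt(n);
  if (v < 0n) v &= 0xffffffffffffffffn; // negatives use 64-bit two's complement
  while (v >= 0x80n) {
    out.push(Number(v & 0x7fn) | 0x80);
    v >>= 7n;
  }
  out.push(Number(v));
  return out;
}

function decodeVarint(buf, pos) {
  let result = 0n;
  let shift = 0n;
  for (;;) {
    if (pos >= buf.length) throw new Error('truncated varint');
    const b = buf[pos++];
    result |= BigInt(b & 0x7f) << shift;
    if ((b & 0x80) === 0) return [result, pos];
    shift += 7n;
    if (shift >= 70n) throw new Error('varint longer than 10 bytes');
  }
}

function decodeMessage(buf) {
  const fields = [];
  let pos = 0;
  while (pos < buf.length) {
    let key;
    [key, pos] = decodeVarint(buf, pos);
    const num = Number(key >> 3n);
    const type = Number(key & 7n);
    if (num === 0) throw new Error('field number 0 is invalid');
    let value;
    if (type === 0) {
      [value, pos] = decodeVarint(buf, pos);
    } else if (type === 2) {
      let len;
      [len, pos] = decodeVarint(buf, pos);
      len = Number(len);
      // Length-prefixed fields are where malformed input bites a naive parser.
      if (pos + len > buf.length) throw new Error(`field ${num}: length ${len} overruns buffer`);
      value = buf.slice(pos, pos + len);
      pos += len;
    } else if (type === 1 || type === 5) {
      const width = type === 1 ? 8 : 4;
      if (pos + width > buf.length) throw new Error(`field ${num}: truncated fixed${width * 8}`);
      value = buf.slice(pos, pos + width);
      pos += width;
    } else {
      throw new Error(`field ${num}: unsupported wire type ${type}`);
    }
    fields.push({ num, type, value });
  }
  return fields;
}

function encodeMessage(fields) {
  const out = [];
  for (const f of fields) {
    out.push(...encodeVarint((f.num << 3) | f.type));
    if (f.type === 0) {
      out.push(...encodeVarint(f.value));
    } else if (f.type === 2) {
      const bytes = typeof f.value === 'string' ? Buffer.from(f.value, 'utf8') : f.value;
      out.push(...encodeVarint(bytes.length), ...bytes);
    } else if (f.type === 1 || f.type === 5) {
      out.push(...f.value);
    } else {
      throw new Error(`unsupported wire type ${f.type}`);
    }
  }
  return Uint8Array.from(out);
}

// Decode, swap the payload of one length-delimited field, re-encode: the
// per-request step a fuzzer (Intruder, sqlmap through a proxy) relies on.
function replaceField(buf, num, payload) {
  const fields = decodeMessage(buf);
  const target = fields.find((f) => f.num === num && f.type === 2);
  if (!target) throw new Error(`no length-delimited field ${num}`);
  target.value = payload;
  return encodeMessage(fields);
}

const utf8 = (f) => Buffer.from(f.value).toString('utf8');

// Constructed sample: field 1 = varint 150, field 2 = string "testing".
const SAMPLE = encodeMessage([
  { num: 1, type: 0, value: 150 },
  { num: 2, type: 2, value: 'testing' },
]);
```

Note that `replaceField` re-derives the length prefix from the new payload; patching bytes in place without doing so is the usual reason hand-fuzzed Protobuf requests are silently rejected by the server's parser.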
#ProtonMail - great writeup from @sonarsource on a mind-blowing #XSS #vulnerability chain leading to attackers potentially reading your messages.
Sanitiser bypass with a neat trick: using CSS cross-fade()
Fascinating read:
#BugBountyTips
#AppSec
https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/
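The general lesson from a bypass like this is that a denylist of CSS functions is the wrong shape for a style sanitiser. The following is an added illustration written for this page, not Proton Mail's sanitiser and not the payload from the Sonar writeup: a denylist that strips `url(`, `image(` and `image-set(` beside an allowlist-based sanitiser that only keeps known properties and known functions. The attacker value, the `tracker.example` host and the use of `src()` (the string-argument `<url>` form from CSS Values 4) inside `cross-fade()` are all constructed for the example; the real chain is in the linked post.

```javascript
// Added illustration, not Proton Mail's code: denylist vs allowlist CSS
// sanitisation. PAYLOAD and tracker.example are constructed for the example.

function splitDeclarations(style) {
  return style.split(';')
    .map((d) => d.trim())
    .filter(Boolean)
    .map((d) => {
      const i = d.indexOf(':');
      return i < 0
        ? [d.toLowerCase(), '']
        : [d.slice(0, i).trim().toLowerCase(), d.slice(i + 1).trim()];
    });
}

// Weak: drop declarations whose value mentions a known resource-loading
// function. Any image-bearing function not on the list sails through.
const DENY = /\b(?:url|image|image-set)\s*\(/i;

function sanitiseDenylist(style) {
  return splitDeclarations(style)
    .filter(([, value]) => !DENY.test(value))
    .map(([prop, value]) => `${prop}: ${value}`)
    .join('; ');
}

// Hardened: keep only known properties, and within them only plain tokens
// or functions from a small allowlist. Unknown functions are rejected, so a
// new image-bearing function is blocked by default rather than by luck.
const ALLOWED_PROPS = new Set([
  'color', 'background-color', 'font-size', 'font-weight', 'text-align', 'margin', 'padding',
]);
const ALLOWED_FUNCS = new Set(['rgb', 'rgba', 'hsl', 'hsla', 'calc']);
const FUNC_CALL = /([a-z-]+)\s*\(/gi;

function sanitiseAllowlist(style) {
  const kept = [];
  for (const [prop, value] of splitDeclarations(style)) {
    if (!ALLOWED_PROPS.has(prop)) continue;
    // CSS escapes (u\72l) and comments could disguise a function name; refuse them outright.
    if (value.includes('\\') || value.includes('/*')) continue;
    let ok = true;
    for (const m of value.matchAll(FUNC_CALL)) {
      if (!ALLOWED_FUNCS.has(m[1].toLowerCase())) { ok = false; break; }
    }
    if (ok) kept.push(`${prop}: ${value}`);
  }
  return kept.join('; ');
}

// Constructed attacker value: cross-fade() takes <image> arguments and src()
// is the string form of <url>, so the literal "url(" never appears.
const PAYLOAD =
  'color: red; background-image: cross-fade(src("https://tracker.example/open.png"), red, 50%)';
```

The point of the allowlist version is not the specific property set (which would need to match the product's rendering needs) but that every new function the CSS spec grows is rejected until someone consciously adds it.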